* install device that is designed to listen to speech in the house
* the device is connected to internet
* the device is capable of contacting other internet peers/services/hosts
* the device knows a bit about its owner's internet presence such as contacts
* the device is equipped with simple conversational user interface based on fuzzy human speech-command detection
These basically bound the failure modes of the complete system. I am not surprised that a glitch like that happened. I can certainly attest to how shocking it might be to discover first hand that it really did happen, but given the context I can't say it's hard to not foresee something like this.
"NEW TEXT MESSAGE TO JENNY! FUCK YOU! SEND!"
Fortunately the phone was too slow to take it all (even if it had Jenny would have found it amusing, she was a cube or two away). But yeah first thing I thought of was that if it's listening how easy is it for it to mistake intent or someone else or etc.
Humans talk funny, computers don't get it, they're gonna mistake commands all the time.
As it is I hate how I can't talk ABOUT "ok google" around my phone... because it always goes off.
Our manager was a bit concerned about if the microphones would get stolen as he looked out over the rows of computers with the microphones on top of each monitor.
I yelled "Computer, Shut down. Yes."
A good chunk of the computers had indeed shut down.
We decided to go back and remove all of the microphones from the computers. Theft was not as a large of a concern as a bored college student with a prankster attitude during finals and the riot that would have ensued.
$ uvcdynctrl -s 'LED1 Mode' <0..3>
0, 1 and 2 apply regardless of whether an application has an active video stream coming out of the camera.
Shh. (Hi NSA)
On several tech podcasts I listen to (http://atp.fm, https://daringfireball.net/thetalkshow/) they use fillers like "Yo, dingus!" to talk about alexa/hey siri/ok google
Like, are you referring to a sculpture made of cocaine in the image of a poodle, or are you talking about a poodle train in the ways of a St. Bernard rescue dog, capable of relaying quantities of said substance, or perhaps something else entirely?
>The track was inspired by an episode in which Iggy Pop, during a drug-fueled period at Bowie’s LA home, hallucinated and believed the television set was swallowing his girlfriend. Bowie developed a story of a holographic television, TVC 15. In the song, the narrator's girlfriend crawls into the television and afterwards, the narrator desires to crawl in himself to find her.
Then she'd ask me for help and rather than have to wait for her to find what button I was talking about I'd just tap the screen a few times and we were off and running again!
I'd been using Linux as my primary OS for years at that point, so I think I'm pretty critical of Microsoft in general, however they did a good job building a touchscreen interface.
The state of touchscreen support in Linux was pretty bad the last time I checked though.
Anecdotal — but have had no trouble for the last two years with my dell xps. Other issues with said laptop (keyboard), but touchscreen support in linux isn't one of them.
My Surface Pro 1 is the only computer I have with a touchscreen right now, and it has enough other driver issues (the wifi and the Wacom drivers suck) that I probably won't be trying again on that.
And in effect, that's what I've used for many years. I have a relatively large touchpad. And when I need resolution, a graphics tablet.
The Surface Studio is cool, but I'd want something that resisted coffee and food splatters ;) As the original Surface did. It could also scan text :) Which is something that I, when I was first learning about PCs, naively expected.
The 3gs had perfectly functional "play my xyz playlist", "next song," "play songs by artist" functionality, and to this day I don't understand why it took so long for Google to implement it, and why the implementation is so shitty.
Music interaction is a great example of the trade off.
though i can easily see with background noise, next song sounding like exxon. I think due to frustrations with siri, i talk to google in very clearly enunciated words and havent had any interesting failures yet.
He had to call the guy he tried to text to in order to apologize.
It worked several times and I found it really fucking hilarious. They did, too and now they guard their Alexas and use headphones.
“8… 7… 6… 5… 4… 3… 2… 1…
Hmm, nothing happened, maybe my count w… [ＢＯＯＭ]”
"WHERE TO BUY COCAINE, SAN FRANCISCO"
"HOW TO JOIN ISIS"
"PLUTONIUM FOR SALE NEAR ME"
The commands are usually recognized but turn up nonsensical results.
Also, Google saves all voice commands. If the NSA wants to check they'd just hear all of us doofuses giggling and trying to one up each other.
But if things like this _actually_ trigger any sort of response, then the effed up thing isn't the (childish) prank, it's the system actually acting on nonsense.
If I call the police and claim that you're armed and hold hostages, then that's irresponsible. If I shout bullshit instead and these novelty devices turn that into a web search, there's no way in hell that should have any consequences whatsoever.
And voice control didn't fail way back then because it wasn't good, it failed because it was a terrible input mechanism and that is why it will fail again.
The "failure" the first time around was that people wanted it to be the main interface, instead of accepting that where it works is as an ubiquitous auxiliary interface that's available everywhere in the house, rather than trying to compete with a keyboard when you're right in front of said keyboard.
Voice competes by working at a distance, even when your hands are not free.
It will never replace a keyboard, as there are so many instances where speaking commands is impractical, but it doesn't need to replace a keyboard to be useful.
There's nothing wrong in enjoying the writings of people whose political ideas you disagree with. I'd rather say that if you cannot do that, there's something wickedly wrong in you.
"A Modest Proposal"  would be seen in a very different light if we learned Jonathan Swift was serious.
And then of course that means everybody who is struggling, well those people just didn't want it enough, they aren't putting in the hard work like Adams. Frankly it's their fault thinks Adams.
Dilbert Future is twenty years old.
Not everything in the world need to be connected and associated with US politics and trump vs anti-trump politics. If we brought in the political views of every creator, inventor and artist than we would not be able to discuss anything on HN other than politics since every creator, inventor, and artist has a political view and people who agree and disagree with that political view.
Adams frequently pitches his book "Win Bigly"...marketing himself as one of the few people to predict Trump's rise, due to his rhetoric. Showing examples would just be marketing for Adams.
And really, why not make it a 55 gallon drum of personal lubricant instead?
Asking someone to silence their phone might just be an attempt to get them to unlock their phone before issuing the offending command.
but sure, I agree. That's why I questioned it.
Let this lady's reaction be a lesson to all of those who say "people don't care about privacy." She wired her home with Alexa devices, and yet when she found out how her privacy could practically be invaded through such devices, she seems like couldn't get rid of them fast enough.
People care deeply about their privacy. They just don't understand the true implications of even a device that's supposed to "listen to you" and the possibilities of what someone else could do to their internet-connected devices.
This is why governments must intervene with laws such as GDPR or even much stronger ones in the future to protect people's privacy, because the companies themselves have no incentive to "self-regulate" other than a negligible amount.
The only problem is some governments will not intervene unless enough people go through similar situations such as this lady. In the US even that may not help much because the vast majority of politicians care most about continuing to receive (however modest) donations (also called bribe money elsewhere) from the industry.
No, they don't. Do you really think if, before she made this purchase, someone explained to her all the things that could theoratically go wrong with this device, she would have chosen not to buy it?
She only cares now and acts like she doesn't share quite a bit of the blame because it actually affected her. I think it is highly likely she'll just switch to an Apple or Google equivalent instead of noticing the larger problem with these devices.
I think this would only indicate that she might care, but thought theoretical worst case scenarios are not sufficient evidence for an actual, non-negligible risk to her privacy. If they had told her that exactly this would definitely happen, I think she would not have bought the device.
I think one problem of explaining privacy issues to non-techies is justifying why theoretical problems often pose a real threat without sounding (to them) like a conspiracy theory nutcase.
The loss of privacy spreading throughout civilization is recent and rapid. It's not surprising that somebody might think about it differently after they've experienced it. We haven't had time to come to terms with what out technology can do.
"Amazon/Google/Apple/Facebook/X have very smart people who will not allow this to happen."
"I have nothing to hide."
"People who want to listen to our boring conversations are losers. Let them waste their time doing so."
And the list goes on. I'm not making any of this up.
And then when it (occasionally) happens to them, there is a whole lot of dramatic outrage and someone else must be blamed. (Although in this case, I agree someone else is to blame - but I've seen this play out when people explicitly agree in the contract to consequences, and are warned quite clearly by a human about the implications of the contract).
Response: "Cool. What's your e-mail password?"
Yes. Do you think if everyone knew what was going to happen with the Facebook scandal before it happened they would have signed up for Facebook? That's why it's called a "scandal."
I also noticed how they haven't left once the scandal came to light.
You and I must read different news sources.
From what I've read, Facebook is down over a billion visits in the last quarter.
I've visited less in the last month, but because they've changed the algo on my feed and it's not as interesting ... though that could be a network effect, but I'm getting quite different stuff.
Market failure does not imply government solution. You're going to need a much stronger argument than "companies aren't doing a good enough job."
Amazon invaded her privacy, she realized it, and now she doesn't use the product. If you want others to do the same, start raising awareness yourself instead of enacting nanny state laws with other people's money.
Case and point - 2008 Market Crash, everyone agrees the dishonest practices that led to the crash should have been made absolutely illegal (in the cases where they already weren't)
In this case, we have MANY significant and potentially extraordinarily damaging failures in the markets to effectively protect people's privacy occurring fairly regularly. GDPR is not the ideal solution my any metric, but that's a failure of government to create effective legislation - not a lack of need for effective rules.
We must not forget another critical component of all this: these always-on listening devices run on proprietary (nonfree, user-subjugating) software. Therefore the user has no permission to: inspect what it does, modify it to do only what the user wants (or, since most computer users aren't programmers, get someone technical they trust to perform such modifications for them), run the modified software in their device, and distribute copies of the improved software to help their community.
If these devices ran on free software (software that respected the user's freedom to run, inspect, modify, and share) the more technical among us could help them. But as it is even the most technically-minded willing person cannot legally do this work to help them.
As Eben Moglen reminded us after the Snowden revelations came out: It's critical that we don't fall into the trap of saying something akin to 'those kids take too many darn pictures' like concluding that we just can't have these devices or their services at all. We can have all of their alleged conveniences but only if we have free software implementations.
What are you giving your mom? A Mac running OSX or a PC running Linux?
I gave my 60 year old mother my old PC running Debian with dwm as its WM.
She likes it.
> The idea that if these devices ran free software they would be more humane than the proprietary software they currently run is ridiculous.
Is it though? I am pretty sure that Amazon already gathers free data from its users, such a thing would not exist in a free as in freedom device.
To be fair, the community came down on Ubuntu like a ton of bricks for the whole... Amazon search thing.
The main reason I won't have any of those products in my house is because of that. I'd much rather have a confirmation of some kind before the system takes action.
Assistant "I am recording"
Me: "Stop recording"
It might be a bit awkward at first to do that in front of strangers, but once it catches on, that will wear off. ;-)
Entering the pattern after it's locked is pretty much impossible though.
Also, the case adds to the pressure needed to depress the button anyway.
This sort of thing makes me nostalgic for the old days of explicit "Save" commands in every application.
And once you have Undo, it's nice if you always have Redo, in case you Undo once too many.
But it'd certainly be good with more feedback.
thats not foolproof but much better than what we have now, and i think we are pretty close
Phonetics is hard. Especially with ambient noise, echo and such. I had a conversation with one of the speech engineers when I worked at a speech recognition company and the level of detailed problems to solve was impressive. Totally made sense after talking about it, but things I would not have thought about before.
I'd imagine the next thing to come in this area that would really make an improvement is an "on person" microphone. Maybe it's a pen in your pocket, or some kind of vibration detection (that could pick up the wearers voice), that would then allow some improvemnts in the domain of "who is talking" and how well the voice is processed.
Both of these technologies work in nightclubs and fighter jets. I assume they are very high SNR, as far as ambient noise is concerned. The subvocal one might just be a phonetic/intonation input, which then requires voice synthesis if actual voice is the goal.
An alternative, "wireless" approach to near-perfect security would be to invent-plement some kind of vocal, human-executable GPG/TLS.
It doesn't even need to get good audio - just enough to give a bit of an indication that what the device picked up was me talking and not random noise and ideally some way to somewhat correlate it to the audio the device picked up to give it an indication it was me it heard. It'd also give you the option of setting the devices to require confirmation for certain types of orders if they were not confirmed by an authorised device, or if they were not confirmed by a device (so you could let people present give instructions but not some random joker on voice chat in your online game for example).
If we could get support for that into e.g. a watch, it'd be very much useful.
I believe any implementation of security through acoustic biometrics would be vulnerable to replay attacks.
Systems to reproduce acoustics with high fidelity are commonplace - You might be using the output component of such a system right now if you're listening to music.
You could make the Assistant remember the exact fingerprints of all previous activation phrases and only trust you if it was original. This could be circumvented if you spoke the activation phrase at any point where your assistant could not hear you, for example to another Assistant of the same brand.
Audio is definitely too easy to spoof for it to be a security method IMO.
it may have a place in security as well but i can only see it as part of a much more holistic model
This is exactly how the Google Home works right now.
I can, however, say "Hey Siri, call 867-5309." Or "Hey Siri, Facebook status: my anus is bleeding. SEND!"
Because we are apparently incapable of applying past lessons to new technologies.
My point is they're really half-assed products right now that are behaving badly/immaturely.
Serves me right for having screen reading on near my phone.....
(jk, jk, but seriously though)
And if their management is anything like my management, they go ahead and release it anyway.
The only problem here is that Google still doesn't recognise my voice half the time, perhaps because I'm never sure about how I should speak to an inanimate object.
Speaking of unlocking methods, face unlock appears to no longer be available as an option for me. I can't find it in settings anymore (smart unlock etc).
b) There is a great deal less ambiguity around "pressing buttons" than there is around interpreting speech. While it is unlikely that your phone will incorrectly detect button presses, it's very common for voice-activated devices to a) incorrectly detect a wake word (either negative or positively); and b) misunderstand some particular word used in the command. Your phone is not going to think you pressed the "Clothes" button when you actually pressed "Close".
c) The entire functionality of the device is accessible from behind that big ambiguous interface. On a phone, there are many distinct steps and screens to step through when you want to do something (this complex interface, by the way, is a non-trivial part of why butt-dials are quite rare these days). On a "smart speaker", most things are just one misheard statement/command away from occurring.
Does having the device programmed to make mistakes make it more comfortable to use, because we know humans are infallible too.
whats the analogous behaviour for alexa?
also remember these are shared devices in a home, not a personal device in your hand. could i shout into somebody's window, "hey alexa send my browsing history to firstname.lastname@example.org"!
While you may have never pocket dialled, plenty of people have. I've received more than a few accidental calls in the past.
I equate this to some phone users placing their devices hanging over the edge of tables - as if they don't care about them hitting the floor. Should phone makers toughen their phones and should Amazon improve Alexa anyway? Sure.
You'd think that there'd be protection. Maybe a restricted set of contacts who could get such messages. And a confirmation step, such as "Do you want to send this recording to 'my mother'?" Or "... to '911'?"
Edit: Damn, didn't see Clubber's comment.
Somehow it hasn't broken her (my wife) of the habit yet.
* devices can operate without user's knowledge
These types of devices are easy to accidentally trigger; it must be vastly obvious when that happens.
Amazon might as well record everything that you say and send it to the NSA.
They are just unlikely, not impossible.
You don't need cameras for that, just motion sensors.
> That server makes decisions on if lights should be on...in that room.
You don't need a server for that, just a motion-sensing switch. They can be totally offline. My office has them to shut off lights automatically when a conference room becomes unoccupied.
It can get annoying if you're not moving much, but the key point is: no camera or server required.
> That server makes decisions on...if A/C should be running in that room.
Ecobee thermostats can already do that using motion/temperature sensors. They run fine without an internet connection.
Thank goodness for phone flashlights!
A new dystopian developer-productivity metric.
By the way, German workplace safety regulations require a certain minimum of light at a workplace.
Maybe, but that seems like a lot of work for little gain.
You probably don't actually have that much control over the AC in your rooms unless you have zoned heating and a lot of zones, regardless of how smart your sensors are.
Intent is a very important factor when answering the question "should the lights be on," I don't think you'll be able to predict that. For instance: if movement is detected in the bedroom at 2AM, should the lights come on? The answer is: a very strong maybe.
That's how I feel about Alexa.
As someone who doesn't have a voice for radio, I much prefer being able to interact through dexterity. Besides, I'm very picky when it comes to which specific track of music is to be played (out of various similarly named pieces of music).
* I don't think take-up is quite as big as the tech world currently makes it out to be. People in my circles don't really have that kind of disposable income and are prioritising other purchases first.
So yeah, Alexa is a lot of extra literal work for little gain.
You would be collecting data from many sources in order to predict intent. This is why you need a centralized server.
Please explain, exactly, what other sources you would collect data from and how the central server would process it to determine if I want the lights on in the middle of the night.
IMHO, determining intent in this scenario is impossible without...
1. a mind-reading sensor, or...
2. an explicit user signal, such as a button-press or command.
The only realistic option is a user signal, and most of those options obviate a lot of these prediction ideas.
I think there's a lot less practical value to having a "central server" controlling everything than you seem to assume.
Machine learning navel-gazing is the new "throw a start-up at it", so I'm guessing the answer to this is going to be "if we have enough data..."
The more data, the more smarter. In fact, the only difference between a thermostat and the human mind is the number of datas. This is because the Law of Averages predicts that half of all datas will be relevant.
There are several important caveats to this statement.
> In fact, the only difference between a thermostat and the human mind is the number of datas.
This is an oversimplification that borders on dogma.
> This is because the Law of Averages predicts that half of all datas will be relevant.
An interesting interpretation and application.
> The second advisor, a software developer, immediately recognized the danger of such short-sighted thinking. [...] "A toaster that only makes toast will soon be obsolete. If we don't look to the future, we will have to completely redesign the toaster in just a few years."
My main point was the original poster's idea was probably focusing on the wrong kind of sensor for what he wanted to do. He could still network a bunch of motion sensors.
Also, I'd dispute the idea that my proposals were less "modifiable." If only because they're far easier to implement and a couple of orders of magnitude cheaper, so it's practical to replace if more capabilities are needed.
I don't think the number of people in a room will give you meaningful information to tell you "how much to crank up the HVAC." Also, the HVAC systems in most homes aren't capable of even cranking up the HVAC in a particular room.
This is what the "Internet of Things" should be doing, but seldom does.
A lot of home automation stuff seems like something that would be fun to make, but not something I really want to have. I mean, the AC might be a good energy saver (a smarter thermostat) but that's not something I want, more like something that I would buy if it was cheap and practical enough.
To some extent, this is a phenomenon of early technology. It feels full of potential, so you want to play with it but it doesn't really do anything you really need yet. The early web was ki d of like that. We made sites because we wanted to make sites, moreso than because we wanted to have them.
Home automation though... Im kind of skeptical that this goes anywhere useful. The useful examples people think of (eg remote close all the windows and lock the doors) are more about mechanisation than automation.
Alas, remote controlling those blinds would be a major hassle since AFAIK I would have to install 6 wifi-enabled devices and tear holes everywhere (not even sure there is a powerline near) - and likely do all the programming myself. Thanks but no thanks.
I've been working on a custom UI that sits on top of the Wink Hub API to unify everything, but I'be been stuck with their almost completely undocumented Pubnub event API.
Why would you even want such a system?
My flat uses the Button-Framework which provides a really convenient UI/UX. The edge between 2 nodes (rooms) has a button (a haptic device to switch between boolean states) at around hand-height that you can press to switch the light on or off. It works quite well (it uses a switch-system technically) and the user decides by her/himself if the light should be on or off and just presses the button after careful reasoning.
Granted, it doesn't use Docker, but it really works well and needs low-maintainance. My model is running since 23 years and I never had any issues - it's even open source.
And ideally? All of it integrated. It actually sounds nice to say "I'm going home", and have Maps say "today that will take 35, should your oven start preheating when you're 20 minutes out?" IoT devices are overrated, but I can absolutely imagine a critical mass of integrated tools being very useful.
But I'm not even slightly willing to do that. It's too much information and too much risk surface. I'd pay a hefty premium to get local-data-only versions of these products, but no one is offering that, and it doesn't look like they're going to start.
That sounds awesome until the company providing that service starts abusing their knowledge of their location. That abuse doesn't even have to necessarily be malicious in nature either. For example, Google Maps on Android started asking me to rate, review, and/or take photos of my present location if they deemed it a point of interest (certain restaurants, parks, etc). I never opted in to this feature and the only way to disable it that I've figured out is to literally disable all location services on the phone.
I really dislike the idea of Google storing a timestamped record of almost every place I've ever visited. Tt has to beconstantly phoning home in order to deliver the request to document my visit within a minute or two of my arrival and that constant reminder that Big Brother Google is tracking me at every moment is just disturbing on so many levels. Even if they aren't using that data right now, remember the "data is never destroyed" principle of the internet.
On a side note, I would have ditched Android if I didn't need it for work simply because use of the GPS radio is hidden behind the acceptance of enabling Google's Location system and all the invasions of privacy that entails.
Not yet preheating the oven though :)
Waze also knows where I'm going in advance and most of the time it gets it right, like every Thu evening "are you heading to [evening school] ?". My weekly schedule is exactly the same 99% of the time but sometimes it still makes obvious mistakes. If you need an AI for that it must be a very simple one, yet it still fails.
Google maps also auto saves my parking location most of the time but other times it doesn't, for reasons unknown. Things like that make it hard for me to have faith in future versions of this stuff.
Open source, gets you most of the way there.
I think "find" and similar tools are now much more advanced so it might work better out of the box now.
> They should feel more comfortable than an equivalent system built by a company that is looking to profit off of your data - and additionally, you can give the guest stronger guarantees that when you say that the system is "off", it actually is.
They won't, because they'll be concerned the person that implemented it is a creeper. When regular people think "cameras installed in the room," they think this: https://www.bustle.com/p/airbnb-host-was-caught-with-a-hidde...
Distrust of a person is more more immediate in visceral. Distrust of a company is more distant and esoteric. The former usually trumps the latter.
Your vulnerability isn't a targeted attack: you are not valuable enough to be worth the effort to figure out your system. As an attacker on your system I'd have to figure out how to break in, and then how to use the hardware you have. You are more valuable as part of a botnet - attacks that already exist. (if you are a politician then maybe, but that person is also vulnerable to a targeted attack on their amazon system - probably more so because the target is easier to figure out).
As a random example: let's say that I want to kill someone who lives in your neighborhood. I could analyze your conversations, comings and goings to figure out when and how to kill that person, and blame it on you. I could on a continual basis run numbers on everyone emitting data in your neighborhood, until someone had arrived at a point where their friends would testify against them on the basis of conversations with the potential patsy, that patsy had no alibi, and tailor the murder on the basis of the means that the patsy had available to them at the time.
I could also just be trying to figure out if you were a homosexual, or muslim.
That is they will target everybody because they know in a few years that will include somebody who they currently think is a nobody.
Of course as AI gets better and cheaper they may eventually listen to everything to see what who can be targeted automatically for what.
Just working for a company that an agency is surveilling is enough to make you worth targeting.
The main fight needs to happen at application level, not infrastructure. Cloud services are already mostly transparent and interchangeable. But applications aren't. The problem is, it's the application vendor that owns the code, determines where's going to run, and asks you to send over the data. How it should be working, is that you own the data and determine location of computing, and own or rent code to be run on that data.
An encrypted hard disk with the key on a USB stick would be enough, just keep the key somewhere separate and you'll only have to plug it in when there's a power outage.
I’d recommend something like this in every room, or even IR sensors, over cameras. You don’t want to capture video of your children jerking off.
You could just use an infrared motion sensor. They are dirt cheap and widely used for controlling lights.
The AC unit at work has one, too.
So, all of this already exists. Without spying capabilities, that is.
There are many methods for occupancy tracking without cameras. IR sensors, antennas in the walls, NFC (bleh), proximity sensors.
A cookie is a device "that is inserted under the clients head by the brain and kept there for a week, giving it time to accurately replicate the individuals consciousness. It is then removed and installed in a larger, egg shaped device which can be connected to a computer or tablet (to automate their smart house controls as if the house was knew their personal preferences moving from room to room.)"
Low tech alternative solution from my friends? Get LEDs. Never turn off the lights. This way the room you are going to will always be lit.
hackaday.com/blog/ will have some details on how people set up computer home controllers as well as working with OpenCV
Less likely to be seen as creepy and such systems already exist.
If you just need 'is a person in this room' or 'how many people are in this room' levels of data, solutions to this problem have existed for decades. No need to over complicate a solved problem.
I'm pretty sure all current technology only works with the have a wifi decide on your person. It is significantly easier to do this and for the most part good enough.
Not only can you detect motion and objects through physical mass using WiFi spectrum with a properly equipped device, you can detect if someone is breathing.
“What's more, this "Time Reversal Machine" technology is essentially just some clever algorithmic work with little burden on the processor, so it can potentially be added to any existing WiFi mesh routers via a firmware update. In other words, security system vendors should take note.”
The following processing is outside the scope of the GDPR:
- any activity outside the scope of EU law (e.g., activities of a Member State in relation to national criminal law);
- any activity performed by Member States when carrying out activities in relation to the common foreign and security policy of the EU;
- any activity performed by a natural person in the course of a purely personal or household activity;
- any processing by the EU itself;
- any activities performed by national authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences, or performance of judicial functions.